Adobe’s January Patch Tuesday security update contains five critical patches for Illustrator CC and four non-critical vulnerabilities for Adobe Experience Manager.
Two versions of Illustrator CC are covered in this release, 24.0 and 24.0.2 24.0, being impacted by the critical-rated CVE-2020-3710, CVE-2020-3711, CVE-2020-3712, CVE-2020-3713 and CVE-2020-3714. All are memory code issues and can lead to arbitrary code execution if exploited. None are reported in the while at this time.
The Adobe Experience Manager vulnerabilities, which effect versions 6.5 and earlier, are CVE-2019-16466, CVE-2019-16467, CVE-2019-16468 and CVE-2019-16469 are not actively being exploited in the wild, but if this were to happen sensitive information could be gleaned from the system.
CVE-2019-16466 and CVE-2019-16467 are reflected cross-site scripting issues rated as important by Adobe. The moderate-rated CVE-2019-16468 and CVE-2019-16469 are, respectively, a user interface injection and expression language injection flaws.